Upversion docker-distribution to v2.8.2+ds1-1

Upversioning docker-distribution to v2.8.2+ds1-1 to be able to block
TLS1.0, TLS1.1 in registry-distribution.

Test Plan:

PASS: $downloader.
PASS: $build-pkgs docker-distribution --clean.
PASS: $build-image.
PASS: List docker-distribution package installed with apt list |
      grep docker.
PASS: Verify if ports 9001 and 9002 are blocking tls1.0, 1.1 and
      1.2 with nmap.

Closes-Bug: 2043217

Change-Id: Id0fc5f8794af54fc4b87b9cab6cec8b454775410
Signed-off-by: Karla Felix <karla.karolinenogueirafelix@windriver.com>
This commit is contained in:
Karla Felix 2023-10-18 21:51:11 -03:00
parent e35b25e6c0
commit c007315764
6 changed files with 60 additions and 62 deletions

View File

@ -1,14 +1,14 @@
From 922d937e24a4a0cd9d826579eeb9afed4f7c234c Mon Sep 17 00:00:00 2001
From: Daniel Safta <daniel.safta@windriver.com>
Date: Wed, 3 Nov 2021 09:48:45 +0000
From d59ec80b26c352416d84eb22e8dc8c743eb9a8e6 Mon Sep 17 00:00:00 2001
From: Karla Felix <karla.karolinenogueirafelix@windriver.com>
Date: Wed, 18 Oct 2023 19:05:21 -0300
Subject: [PATCH] debian-patches
---
debian/docker-registry.init | 2 +-
debian/docker-registry.install | 2 +-
debian/docker-registry.postinst | 2 +-
debian/docker-registry.service | 7 ++++++-
4 files changed, 9 insertions(+), 4 deletions(-)
debian/rules | 4 ++--
4 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/debian/docker-registry.init b/debian/docker-registry.init
index c225130..c03a67a 100644
@ -23,15 +23,6 @@ index c225130..c03a67a 100644
EXECUSER=docker-registry
PIDFILE=/var/run/$BASE.pid
LOGFILE=/var/log/$BASE.log
diff --git a/debian/docker-registry.install b/debian/docker-registry.install
index ea1de25..6ed37e3 100755
--- a/debian/docker-registry.install
+++ b/debian/docker-registry.install
@@ -1,3 +1,3 @@
#!/usr/bin/dh-exec
usr/bin/registry => usr/bin/docker-registry
-cmd/registry/config-example.yml => etc/docker/registry/config.yml
+cmd/registry/config-example.yml => etc/docker-distribution/registry/config.yml
diff --git a/debian/docker-registry.postinst b/debian/docker-registry.postinst
index 96ded3c..d179197 100755
--- a/debian/docker-registry.postinst
@ -63,6 +54,21 @@ index 066e38a..a2feaa6 100644
[Install]
WantedBy=multi-user.target
diff --git a/debian/rules b/debian/rules
index 8f0ea9f..ec4fa26 100755
--- a/debian/rules
+++ b/debian/rules
@@ -15,8 +15,8 @@ override_dh_auto_build:
execute_after_dh_auto_install:
mv debian/tmp/usr/bin/registry debian/tmp/usr/bin/docker-registry
- mkdir -p debian/tmp/etc/docker/registry
- cp cmd/registry/config-example.yml debian/tmp/etc/docker/registry/config.yml
+ mkdir -p debian/tmp/etc/docker-distribution/registry
+ cp cmd/registry/config-example.yml debian/tmp/etc/docker-distribution/registry/config.yml
override_dh_auto_test:
dh_auto_test -- -test.short -test.timeout=1h
--
2.30.2
2.25.1

View File

@ -1,18 +1,19 @@
From 4b27111fbe6b626d08e212eb48693a228da203bc Mon Sep 17 00:00:00 2001
From: Charles Short <charles.short@windriver.com>
Date: Tue, 7 Dec 2021 18:49:39 +0000
From 166ccc11c71ce7d68073e4231c6423a8eae9c1c2 Mon Sep 17 00:00:00 2001
From: Karla Felix <karla.karolinenogueirafelix@windriver.com>
Date: Wed, 18 Oct 2023 19:32:16 -0300
Subject: [PATCH] Do not set gecos when creating user
Remove the gecos creation since it causes issue while running
debootstrap.
Signed-off-by: Charles Short <charles.short@windriver.com>
---
---
debian/docker-registry.postinst | 1 -
1 file changed, 1 deletion(-)
diff --git a/debian/docker-registry.postinst b/debian/docker-registry.postinst
index 96ded3c..13df951 100755
index d179197..d6a93ba 100755
--- a/debian/docker-registry.postinst
+++ b/debian/docker-registry.postinst
@@ -7,7 +7,6 @@ if [ "$1" = 'configure' ]; then
@ -24,5 +25,5 @@ index 96ded3c..13df951 100755
fi
--
2.30.2
2.25.1

View File

@ -1,29 +1,29 @@
From ec4d2b9704df16e3ffe4256b3eae6b7bd8d25807 Mon Sep 17 00:00:00 2001
From: Charles Short <charles.short@windriver.com>
Date: Sun, 5 Dec 2021 13:33:26 +0000
From 7e2c90b4c9bcb35a81a737eb50b4720f52b79fa2 Mon Sep 17 00:00:00 2001
From: Karla Felix <karla.karolinenogueirafelix@windriver.com>
Date: Wed, 18 Oct 2023 19:42:53 -0300
Subject: [PATCH] Override docker-registry service
Prevent the docker-registry from starting when package is installed.
Signed-off-by: Charles Short <charles.short@windriver.com>
---
debian/rules | 4 ++++
1 file changed, 4 insertions(+)
debian/rules | 3 +++
1 file changed, 3 insertions(+)
diff --git a/debian/rules b/debian/rules
index 8383ccd..f02c9ef 100755
index 02ce7be..32ef06f 100755
--- a/debian/rules
+++ b/debian/rules
@@ -17,5 +17,9 @@ override_dh_auto_test:
# health/checks hit the internet, and thus fail
#DH_GOLANG_EXCLUDES='distribution/registry/handlers health/checks' dh_auto_test -- -test.short
@@ -10,6 +10,9 @@ export DH_GOLANG_EXCLUDES := \
%:
dh $@ --buildsystem=golang --with=golang
+override_dh_installsystemd:
+ dh_installsystemd -p docker-registry --no-enable docker-registry.service
+
%:
dh $@ --buildsystem=golang --with=golang
+
override_dh_auto_build:
dh_auto_build -- -ldflags '-X github.com/docker/distribution/version.Version=$(DEB_VERSION_UPSTREAM)'
--
2.30.2
2.25.1

View File

@ -1,6 +1,6 @@
From 1f52f7857bdfd54af3409f0dc4a56ed866582327 Mon Sep 17 00:00:00 2001
From: Fabricio Henrique Ramos <fabriciohenrique.ramos@windriver.com>
Date: Fri, 28 Jan 2022 16:31:00 -0300
From 0ada96a42a4c7738f492ae870afb32c4029162c8 Mon Sep 17 00:00:00 2001
From: Karla Felix <karla.karolinenogueirafelix@windriver.com>
Date: Wed, 18 Oct 2023 19:51:56 -0300
Subject: [PATCH] Remove User directive from unit file
By removing:
@ -26,5 +26,5 @@ index a2feaa6..a4652b3 100644
Environment=REGISTRY_STORAGE_DELETE_ENABLED=true
ExecStart=/usr/bin/docker-registry serve /etc/docker-distribution/registry/config.yml
--
2.17.1
2.25.1

View File

@ -1,6 +1,6 @@
---
debname: docker-registry
debver: 2.7.1+ds2-7+deb11u1
debver: 2.8.2+ds1-1
archive: https://snapshot.debian.org/archive/debian/20230529T205957Z/pool/main/d/docker-registry
revision:
dist: $STX_DIST

View File

@ -1,28 +1,28 @@
From 8d41cb5a84e9d7a51a02e3e33289008bdf2a5491 Mon Sep 17 00:00:00 2001
From: Daniel Safta <daniel.safta@windriver.com>
Date: Wed, 3 Nov 2021 09:50:59 +0000
Subject: [PATCH] code-patches
From c4682c6ef5deba520d2e6cf4ec24459c86eb6399 Mon Sep 17 00:00:00 2001
From: Karla Felix <karla.karolinenogueirafelix@windriver.com>
Date: Thu, 19 Oct 2023 14:08:31 -0300
Subject: [PATCH] code_patches
---
Dockerfile | 4 ++--
cmd/registry/config-example.yml | 2 +-
contrib/docker-integration/docker-compose.yml | 22 +++++++++----------
contrib/docker-integration/docker-compose.yml | 20 +++++++++----------
.../registry-config-notls.yml | 2 +-
.../tokenserver-oauth/registry-config.yml | 6 ++---
.../tokenserver/registry-config.yml | 6 ++---
6 files changed, 21 insertions(+), 21 deletions(-)
.../tokenserver-oauth/registry-config.yml | 6 +++---
.../tokenserver/registry-config.yml | 6 +++---
6 files changed, 20 insertions(+), 20 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 9537817..5c92094 100644
index fb54b68..a8233ad 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -15,9 +15,9 @@ COPY . $DISTRIBUTION_DIR
RUN CGO_ENABLED=0 make PREFIX=/go clean binaries && file ./bin/registry | grep "statically linked"
@@ -52,9 +52,9 @@ COPY --from=releaser /out /
FROM alpine
FROM alpine:${ALPINE_VERSION}
RUN apk add --no-cache ca-certificates
-COPY cmd/registry/config-dev.yml /etc/docker/registry/config.yml
+COPY cmd/registry/config-dev.yml /etc/docker-distribution/registry/config.yml
COPY --from=build /go/src/github.com/docker/distribution/bin/registry /bin/registry
COPY --from=binary /registry /bin/registry
VOLUME ["/var/lib/registry"]
EXPOSE 5000
ENTRYPOINT ["registry"]
@ -42,7 +42,7 @@ index d2aecbb..30c9f62 100644
storagedriver:
enabled: true
diff --git a/contrib/docker-integration/docker-compose.yml b/contrib/docker-integration/docker-compose.yml
index 374197a..74f203f 100644
index 374197a..bd981a6 100644
--- a/contrib/docker-integration/docker-compose.yml
+++ b/contrib/docker-integration/docker-compose.yml
@@ -37,10 +37,10 @@ registryv2token:
@ -84,15 +84,6 @@ index 374197a..74f203f 100644
tokenserveroauth:
build: "tokenserver-oauth"
command: "--debug -addr 0.0.0.0:5559 -issuer registry-test -passwd .htpasswd -tlscert tls.cert -tlskey tls.key -key sign.key -realm http://auth.localregistry:5559 -enforce-class"
@@ -84,7 +84,7 @@ docker:
environment:
DOCKER_GRAPHDRIVER:
volumes:
- - /etc/generated_certs.d:/etc/docker/certs.d
+ - /etc/generated_certs.d:/etc/docker-distribution/certs.d
- /var/lib/docker
links:
- nginx:localregistry
diff --git a/contrib/docker-integration/tokenserver-oauth/registry-config-notls.yml b/contrib/docker-integration/tokenserver-oauth/registry-config-notls.yml
index a700d08..bbde741 100644
--- a/contrib/docker-integration/tokenserver-oauth/registry-config-notls.yml
@ -146,5 +137,5 @@ index b9efdd3..11be98e 100644
- rootcertbundle: "/etc/docker/registry/tokenbundle.pem"
+ rootcertbundle: "/etc/docker-distribution/registry/tokenbundle.pem"
--
2.30.2
2.25.1